Merge pull request openshift#8804 from pawanpinjarkar/log-node-image-expiry-message

openshift-merge-bot[bot] · web-flow · commit fb271c24269c · 2024-08-09T11:33:00.000Z
AGENT-938: Enhance console logging to display node ISO expiry date during addNodes workflow
diff --git a/data/data/agent/systemd/units/agent-auth-token-status.service b/data/data/agent/systemd/units/agent-auth-token-status.service
@@ -11,4 +11,4 @@ ExecStart=/usr/local/bin/agent-auth-token-status.sh
 Restart=no
 
 [Install]
-WantedBy=multi-user.target agent-add-node.service
+WantedBy=agent-add-node.service
diff --git a/pkg/asset/agent/gencrypto/authconfig.go b/pkg/asset/agent/gencrypto/authconfig.go
@@ -232,26 +232,27 @@ func (a *AuthConfig) createOrUpdateAuthTokenSecret(kubeconfigPath string) error
 		return err
 	}
 	// Calculate 24 hours before the expiration time
-	thresholdTime := expiryTime.Add(-24 * time.Hour)
+	thresholdTime := expiryTime.UTC().Add(-24 * time.Hour)
 	// Check if current time is past the thresholdTime time of 24 hours
 	if time.Now().UTC().After(thresholdTime) {
 		// update the secret in the cluster with a new token from asset store
 		err = a.refreshAuthTokenSecret(k8sclientset, retrievedSecret)
 		if err != nil {
 			return err
 		}
-		logrus.Debug("Auth token secret regenerated and updated in the cluster")
 	} else {
 		// Update the token in asset store with the retrieved token from the cluster
 		a.AgentAuthToken = retrievedToken
+		// get the token expiry time of the retrieved token from the cluster
+		a.AgentAuthTokenExpiry = expiryTime.UTC().Format(time.RFC3339)
 
 		retrievedPublicKey, err := extractPublicKeyFromSecret(retrievedSecret)
 		if err != nil {
 			return err
 		}
 		// Update the asset store with the retrieved public key associated with the valid token from the cluster
 		a.PublicKey = retrievedPublicKey
-		logrus.Debugf("Reusing existing auth token (valid up to %s)", expiryTime)
+		logrus.Infof("Reusing existing auth token (valid up to %s)", a.AgentAuthTokenExpiry)
 	}
 	return err
 }
@@ -261,8 +262,10 @@ func (a *AuthConfig) createSecret(k8sclientset kubernetes.Interface) error {
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: authTokenSecretName,
+			// only for informational purposes
 			Annotations: map[string]string{
 				"updatedAt": "", // Initially set to empty
+				"expiresAt": a.AgentAuthTokenExpiry,
 			},
 		},
 		Type: corev1.SecretTypeOpaque,
@@ -273,9 +276,10 @@ func (a *AuthConfig) createSecret(k8sclientset kubernetes.Interface) error {
 	}
 	_, err := k8sclientset.CoreV1().Secrets(authTokenSecretNamespace).Create(context.Background(), secret, metav1.CreateOptions{})
 	if err != nil {
-		return fmt.Errorf("failed to create auth token secret: %w", err)
+		return fmt.Errorf("failed to create secret: %w", err)
 	}
-	logrus.Debugf("Created auth token secret %s/%s", authTokenSecretNamespace, authTokenSecretName)
+	logrus.Infof("Generated auth token (valid up to %s)", a.AgentAuthTokenExpiry)
+	logrus.Infof("Created secret %s/%s", authTokenSecretNamespace, authTokenSecretName)
 
 	return nil
 }
@@ -285,12 +289,14 @@ func (a *AuthConfig) refreshAuthTokenSecret(k8sclientset kubernetes.Interface, r
 	retrievedSecret.Data[authTokenPublicDataKey] = []byte(a.PublicKey)
 	// only for informational purposes
 	retrievedSecret.Annotations["updatedAt"] = time.Now().UTC().Format(time.RFC3339)
+	retrievedSecret.Annotations["expiresAt"] = a.AgentAuthTokenExpiry
 
 	_, err := k8sclientset.CoreV1().Secrets(authTokenSecretNamespace).Update(context.TODO(), retrievedSecret, metav1.UpdateOptions{})
 	if err != nil {
 		return err
 	}
-	logrus.Debugf("Updated auth token secret %s/%s", authTokenSecretNamespace, authTokenSecretName)
+	logrus.Infof("Auth token regenerated (valid up to %s)", a.AgentAuthTokenExpiry)
+	logrus.Infof("Updated secret %s/%s", authTokenSecretNamespace, authTokenSecretName)
 	return nil
 }
 
diff --git a/pkg/asset/agent/image/agentimage.go b/pkg/asset/agent/image/agentimage.go
@@ -14,6 +14,7 @@ import (
 	"github.com/openshift/assisted-image-service/pkg/isoeditor"
 	hiveext "github.com/openshift/assisted-service/api/hiveextension/v1beta1"
 	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/agent/gencrypto"
 	"github.com/openshift/installer/pkg/asset/agent/joiner"
 	"github.com/openshift/installer/pkg/asset/agent/manifests"
 	"github.com/openshift/installer/pkg/asset/agent/workflow"
@@ -36,6 +37,7 @@ type AgentImage struct {
 	bootArtifactsBaseURL string
 	platform             hiveext.PlatformType
 	isoFilename          string
+	imageExpiresAt       string
 }
 
 var _ asset.WritableAsset = (*AgentImage)(nil)
@@ -48,6 +50,7 @@ func (a *AgentImage) Dependencies() []asset.Asset {
 		&AgentArtifacts{},
 		&manifests.AgentManifests{},
 		&BaseIso{},
+		&gencrypto.AuthConfig{},
 	}
 }
 
@@ -66,8 +69,12 @@ func (a *AgentImage) Generate(ctx context.Context, dependencies asset.Parents) e
 		a.isoFilename = agentISOFilename
 
 	case workflow.AgentWorkflowTypeAddNodes:
+		authConfig := &gencrypto.AuthConfig{}
+		dependencies.Get(authConfig)
+
 		a.platform = clusterInfo.PlatformType
 		a.isoFilename = agentAddNodesISOFilename
+		a.imageExpiresAt = authConfig.AgentAuthTokenExpiry
 
 	default:
 		return fmt.Errorf("AgentWorkflowType value not supported: %s", agentWorkflow.Workflow)
@@ -218,6 +225,7 @@ func (a *AgentImage) PersistToFile(directory string) error {
 		return err
 	}
 
+	var msg string
 	// For external platform when the bootArtifactsBaseURL is specified,
 	// output the rootfs file alongside the minimal ISO
 	if a.platform == hiveext.ExternalPlatformType {
@@ -237,15 +245,19 @@ func (a *AgentImage) PersistToFile(directory string) error {
 		if err != nil {
 			return err
 		}
-		logrus.Infof("Generated minimal ISO at %s", agentIsoFile)
+		msg = fmt.Sprintf("Generated minimal ISO at %s", agentIsoFile)
 	} else {
 		// Generate full ISO
 		err = isoeditor.Create(agentIsoFile, a.tmpPath, a.volumeID)
 		if err != nil {
 			return err
 		}
-		logrus.Infof("Generated ISO at %s", agentIsoFile)
+		msg = fmt.Sprintf("Generated ISO at %s.", agentIsoFile)
+	}
+	if a.imageExpiresAt != "" {
+		msg = fmt.Sprintf("%s. The ISO is valid up to %s", msg, a.imageExpiresAt)
 	}
+	logrus.Info(msg)
 
 	err = os.WriteFile(filepath.Join(directory, "rendezvousIP"), []byte(a.rendezvousIP), 0o644) //nolint:gosec // no sensitive info
 	if err != nil {
